github/wonderwall
1
0
Fork 0
mirror of https://github.com/nais/wonderwall.git synced 2026-05-13 03:47:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
7f93c62604f00a4eac11bf321b792f3f77ef85e9
wonderwall/pkg/session/store_redis.go
Trong Huu Nguyen c0138f4b49 feat(session): use locks for refreshing 
One of the changes in OAuth 2.1 addresses attacks with refresh token
replays by recommending the use of one-time use tokens. A refresh token
is thus rotated and invalid after exactly one use, returning a new token
for each successful grant. Any further attempts must thus use the most
recently acquired refresh token. Reusing a refresh token may also
cause the authorization server to invalidate the current active refresh
token, requiring a refresh authorization grant to be reacquired for
further refresh token usage.

The use of locks prevents multiple refresh grant attempts for a given
session from happening across concurrent requests.
2022-09-04 17:14:35 +02:00

87 lines
2.0 KiB
Go
Raw Blame History

package session
import (
"context"
"errors"
"fmt"
"time"
"github.com/go-redis/redis/v8"
"github.com/nais/wonderwall/pkg/metrics"
)
type redisSessionStore struct {
client redis.Cmdable
}
var _ Store = &redisSessionStore{}
func NewRedis(client redis.Cmdable) Store {
return &redisSessionStore{
client: client,
}
}
func (s *redisSessionStore) Read(ctx context.Context, key string) (*EncryptedData, error) {
encryptedData := &EncryptedData{}
err := metrics.ObserveRedisLatency(metrics.RedisOperationRead, func() error {
return s.client.Get(ctx, key).Scan(encryptedData)
})
if err == nil {
return encryptedData, nil
}
if errors.Is(err, redis.Nil) {
return nil, fmt.Errorf("%w: %s", KeyNotFoundError, err.Error())
}
return nil, fmt.Errorf("%w: %s", UnexpectedError, err.Error())
}
func (s *redisSessionStore) Write(ctx context.Context, key string, value *EncryptedData, expiration time.Duration) error {
err := metrics.ObserveRedisLatency(metrics.RedisOperationWrite, func() error {
return s.client.Set(ctx, key, value, expiration).Err()
})
if err != nil {
return fmt.Errorf("%w: %s", UnexpectedError, err.Error())
}
return nil
}
func (s *redisSessionStore) Delete(ctx context.Context, keys ...string) error {
err := metrics.ObserveRedisLatency(metrics.RedisOperationDelete, func() error {
return s.client.Del(ctx, keys...).Err()
})
if err == nil {
return nil
}
if errors.Is(err, redis.Nil) {
return fmt.Errorf("%w: %s", KeyNotFoundError, err.Error())
}
return fmt.Errorf("%w: %s", UnexpectedError, err.Error())
}
func (s *redisSessionStore) Update(ctx context.Context, key string, value *EncryptedData) error {
_, err := s.Read(ctx, key)
if err != nil {
return err
}
err = metrics.ObserveRedisLatency(metrics.RedisOperationUpdate, func() error {
return s.client.Set(ctx, key, value, redis.KeepTTL).Err()
})
if err != nil {
return fmt.Errorf("%w: %s", UnexpectedError, err.Error())
}
return nil
}
func (s *redisSessionStore) MakeLock(key string) Lock {
return NewRedisLock(s.client, key)
}
Reference in New Issue View Git Blame Copy Permalink